The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Content provided by Snyk. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Snyk or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to The Secure Developer
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
A podcast about web design and development.
…
continue reading
Become the best software developer you can be
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of "climate tech" with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Why do only 10% of companies succeed with AI? In this series by MIT SMR and BCG, we talk to the leaders who've achieved big wins with AI in their companies and learn how they did it. Hear what gets experts from companies like NASA, Shopify, and others excited to do their jobs every day and what they consider the keys to their success.
…
continue reading
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
DevSecCon Panel
Manage episode 266105133 series 2621695
Content provided by Snyk. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Snyk or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Today’s episode of The Secure Developer features some fantastic content from a panel at DevSecCon London. Clint Gibler, Research Director at the NCC Group is joined by Doug DePerry, Director of Defense at Datadog, Tash Norris, Head of Product Security at Moonpig, Jesse Endahl, CSO at Fleetsmith, and Zane Lackey, CSO at Signal Sciences. The discussion begins with a dive into building a good security culture within a company and ways to get other members of an organization interested in security. Some of the strategies explored include cross-departmental relationship building, incentivizing conversations with the security team through swag and food, and embedding security within development teams. We then turn our attention to metrics. There are often competing priorities between developers and security, which can cause tension. The panel shares some of the security metrics that have and have not worked for them, and we also hear different takes on the often-divisive bug count metric. Next up is a dive into working with limited personnel and financial resources, one of the most common constraints security teams face. We hear how the panel approaches prioritization, adding value to the organization as a whole, and the importance of making the security capabilities digestible to the developers. After this, the panel explores risk quantification and subsequent communication. While it's difficult to quantify risk precisely, there are some effective strategies such as risk forecasting. Along with this, techniques on communicating with executives in resonant ways to convey the severity of potential threats are also shared. Other topics covered include policy-driven vs technical-driven security and skilling up less technical teams, how to know when security is ‘done,’ and incentives for upholding security protocols!
151 episodes
Share
Manage episode 266105133 series 2621695
Content provided by Snyk. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Snyk or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Today’s episode of The Secure Developer features some fantastic content from a panel at DevSecCon London. Clint Gibler, Research Director at the NCC Group is joined by Doug DePerry, Director of Defense at Datadog, Tash Norris, Head of Product Security at Moonpig, Jesse Endahl, CSO at Fleetsmith, and Zane Lackey, CSO at Signal Sciences. The discussion begins with a dive into building a good security culture within a company and ways to get other members of an organization interested in security. Some of the strategies explored include cross-departmental relationship building, incentivizing conversations with the security team through swag and food, and embedding security within development teams. We then turn our attention to metrics. There are often competing priorities between developers and security, which can cause tension. The panel shares some of the security metrics that have and have not worked for them, and we also hear different takes on the often-divisive bug count metric. Next up is a dive into working with limited personnel and financial resources, one of the most common constraints security teams face. We hear how the panel approaches prioritization, adding value to the organization as a whole, and the importance of making the security capabilities digestible to the developers. After this, the panel explores risk quantification and subsequent communication. While it's difficult to quantify risk precisely, there are some effective strategies such as risk forecasting. Along with this, techniques on communicating with executives in resonant ways to convey the severity of potential threats are also shared. Other topics covered include policy-driven vs technical-driven security and skilling up less technical teams, how to know when security is ‘done,’ and incentives for upholding security protocols!
151 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to The Secure Developer
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
A podcast about web design and development.
…
continue reading
Become the best software developer you can be
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of "climate tech" with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Why do only 10% of companies succeed with AI? In this series by MIT SMR and BCG, we talk to the leaders who've achieved big wins with AI in their companies and learn how they did it. Hear what gets experts from companies like NASA, Shopify, and others excited to do their jobs every day and what they consider the keys to their success.
…
continue reading
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
